Every developer worth his or her salt knows better than to hard code API tokens, encryption keys, and user credentials. But a quick search on public GitHub repositories shows this happens all too often.
Latest case in point: Researchers from website security firm Detectify found more than 1,500 Slack tokens on GitHub. The developers had shared their code thinking others may be able to reuse a bot for their Slack teams.